CVE-2026-13514: Exposure of Backup File to an Unauthorized Control Sphere in Chess Play and Learn App
CVE-2026-13514 is a low-severity vulnerability in the Chess Play and Learn App for Android up to version 4.9.42. It involves exposure of a backup file related to the AndroidManifest.xml component, potentially allowing unauthorized access if an attacker has physical access to the device. The vendor has acknowledged the issue and plans to address it but excludes physical-access attacks from their bug bounty program.
AI Analysis
Technical Summary
This vulnerability affects the Chess Play and Learn App on Android versions 4.9.0 through 4.9.42. It arises from improper handling of the AndroidManifest.xml file component, leading to exposure of a backup file to unauthorized control spheres. Exploitation requires physical access to the device. The vulnerability has been publicly disclosed, and the vendor has confirmed its existence and intends to fix it. However, no official patch or remediation level has been published yet.
Potential Impact
The impact is limited to unauthorized exposure of a backup file on a physical device, which could potentially lead to information disclosure. The CVSS 4.0 base score is 2.4, indicating low severity. There is no indication of remote exploitation or privilege escalation. The vulnerability does not affect cloud services and requires physical access to exploit.
Mitigation Recommendations
No official patch or fix has been published yet. The vendor has confirmed the issue and plans to address it in future updates. Until a fix is released, users should be aware that physical access to the device could expose backup files. The vendor's bug bounty excludes physical-access attacks, but they acknowledge the report and may provide goodwill compensation. Users should monitor vendor advisories for updates and upgrade once a patch becomes available.
CVE-2026-13514: Exposure of Backup File to an Unauthorized Control Sphere in Chess Play and Learn App
Description
CVE-2026-13514 is a low-severity vulnerability in the Chess Play and Learn App for Android up to version 4.9.42. It involves exposure of a backup file related to the AndroidManifest.xml component, potentially allowing unauthorized access if an attacker has physical access to the device. The vendor has acknowledged the issue and plans to address it but excludes physical-access attacks from their bug bounty program.
CVSS v4.0
Score 2.4low
Affected software
cpe:2.3:a:chess:play_and_learn_app:*:*:*:*:*:*:*:*AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This vulnerability affects the Chess Play and Learn App on Android versions 4.9.0 through 4.9.42. It arises from improper handling of the AndroidManifest.xml file component, leading to exposure of a backup file to unauthorized control spheres. Exploitation requires physical access to the device. The vulnerability has been publicly disclosed, and the vendor has confirmed its existence and intends to fix it. However, no official patch or remediation level has been published yet.
Potential Impact
The impact is limited to unauthorized exposure of a backup file on a physical device, which could potentially lead to information disclosure. The CVSS 4.0 base score is 2.4, indicating low severity. There is no indication of remote exploitation or privilege escalation. The vulnerability does not affect cloud services and requires physical access to exploit.
Mitigation Recommendations
No official patch or fix has been published yet. The vendor has confirmed the issue and plans to address it in future updates. Until a fix is released, users should be aware that physical access to the device could expose backup files. The vendor's bug bounty excludes physical-access attacks, but they acknowledge the report and may provide goodwill compensation. Users should monitor vendor advisories for updates and upgrade once a patch becomes available.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- VulDB
- Date Reserved
- 2026-06-28T06:40:38.081Z
- Cvss Version
- 4.0
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 6a41b00927e9c79719ca8384
Added to database: 06/28/2026, 23:36:41 UTC
Last enriched: 06/28/2026, 23:51:26 UTC
Last updated: 06/29/2026, 01:08:29 UTC
Views: 5
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.